About us > CSR Activities > About KYOCERA Document Solutions > Risk Management / Compliance

Risk Management / Compliance

Risk Management

In order to respond to internal and external risks that are growing more diversified, the Kyocera Document Solutions Group has established a Risk Management System, in an effort to forecast and prevent such an occurrence and minimize the loss in the event of an occurrence.

Risk Management Policy

In order to respond to the growing complexity of global risks, we are striving to enhance our risk management across the entire group. The Risk Management Department gathers information about the risks which may affect our group's credibility and business continuity, including large-scale disasters, environmental problems, information leakage, unfair labor practices and human rights' violations in the supply chain and takes the necessary preventative measures.

Risk Management System

•  Organization Chart of Risk Management

Organization Chart of Risk Management

Our Group's Risk Management System is operated under the leadership of the President and CEO. It consists of a Risk Management Committee, chaired by the Senior General Manager of the Corporate General Affairs Division, the department heads in charge of each respective risk (or their designees) and the Risk Management personnel. In the event of a serious occurrence (or the fear thereof), the Risk Management Department and the respective department responsible for the risk at hand, work together to respond quickly.
Internal company rules have been established (i.e., management rules regarding laws and regulations), as well as The Crisis Management Manual, designed to provide procedures for emergencies and minimizing losses. These regulations are available to all employees.

Business Continuity Plan*

We have strengthened our efforts to ensure business continuity in order that we can continue to supply products and services to customers in the event of a disaster, as well as to continuously engage in activities for disaster prevention. In Japan, we have strengthened our initial response system in the event of a large-scale earthquake or disaster and developed a system which can stably supply products and services, even if production is adversely affected by factors, such as a stoppage of the electricity supply and/or damage to production equipment.

Results in FY2018

  1. 1We developed and implemented FY2018 targets for disaster response plans.
  2. 2According to the damage estimation set by each plant, we conducted drills covering aspects from the initial action, to the restoration response at the Hirakata Plant and Tamaki Plant.
  3. 3We surveyed what our major business partners (those who supply us with pertinent parts) are doing about their own Business Continuity Plans.

Aim for FY2019

  1. 1We will develop and implement FY2019 targets for disaster response plans for all business sites and departments.
  2. 2According to the damage estimation set by each plant, we will conduct drills covering aspects from the initial action, to the restoration response.
  3. 3We will conduct a risk survey at our group companies outside of Japan and establish Business Continuity Plans.

*Business Continuity Plan: A Plan to set measures to prevent interruption of important operations when risks like disaster occur.

Information Security

Our group strives to use information assets effectively and efficiently by clarifying the fundamental issues to be observed and establishing a management system, when employees and other concerned parties handle information assets.

Information Security Policy

The comprehensive management of information (such as technical and personal information), is one of the most important tasks in order to accomplish the corporate social responsibilities. We have established an Information Security Basic Policy and Personal Information Protection Basic Policy and continue to thoroughly manage the handling of information.

Information Security System

Our group has established the Digital Information Security Committee, chaired by the President, and we are implementing measures, such as periodic employee education, managing the outside use and security of office equipment and devices and strengthening of e-mail security, globally. We are also working on the improvement of our system through periodic audits carried out by our legal audit and IT departments.

Results in FY2018

  1. 1We have enhanced the information security management by updating learning materials and providing e-learning education for all employees.
  2. 2The Cloud Development and Operation Department of the Corporate Business Workflow Solutions Division is certified by International Organization for Standardization (ISO) about ISO27001 and ISO27017. (Certification number:IS 676497/CLOUD 676499)
  3. 3We held the external assessment concerning information security, and visualized the information security measures for all business sites in Japan and established a plan for strengthening them.

Aim for FY2019

  1. 1We will continue to reinforce the organization that specializes in security, and strengthen 27 items, which are classified by IPA.
  2. 2 We will revise the provisions concerning information security and apply it to the common provisions of affiliate companies.
  3. 3We will conduct an information security assessment for affiliated companies outside of Japan, visualize the information security measures and establish a plan for strengthening them.

Compliance

As a member of the Kyocera Group, we make the "Kyocera Activity Policy" a norm and thoroughly conduct such as the control of the laws and regulations to be followed by each respective department, the establishment of an in-house communication network in case of the enforcement of new, or revision of existing, laws and the periodic legal audits in order to comply with laws and regulations, inside and outside of Japan.

Legal Compliance Efforts

Understanding and Dealing with Legal Information

In order to comply with laws and regulations, the law investigation department confirms the content of new and revised laws and provides relevant information for relevant departments. Then, the departments closely examine the contents and reflect them in each department's control provisions.

Legal Audits

The legal audit department periodically carries out a legal audit of each department. In this way, our compliance system is constantly maintained and improved.

Secure Export Control and Trading Control System

To ensure compliance with the laws and regulations governing import and export transactions, we have established a system which complies with laws and regulations of the Foreign Exchange and Foreign Trade Act and the Customs Act. Our Secure Export Control Regulations ensures secure export control, as stipulated in the Foreign Exchange, Foreign Trade Act and Customs Act. Also, regarding import and export, we have acquired specified exporter and importer authorization from customs and have conducted import and export processes, based on control procedures associated with trade-related operations. We carry out secure export control and conduct internal auditing of trade control and have confirmed that the system is being properly maintained.

Personal Information Protection

As part of our social responsibility, our group is composing a strategy for the protection of personal information obtained from stakeholders, through our business activities. Also, we have established a Personal Information Protection Basic Policy, which clarifies the purpose of using personal information and contains contacts for inquiries. Pertaining to our employees, we will provide an educational source regarding the handling of personal information. A personal information management system has also been established.

Efforts to Prevent Insider Trading

Our group has established Rules to Prevent Insider Trading, which stipulates the maintenance of an internal information management system and restrictions on buying and selling stocks. For our employees, we have also prepared a Guide for Prevention of Insider Trading and posted it on our employee intranet.

Efforts to Exclude Anti-Social Forces

By setting forth "solve the problem in a resolute attitude based on laws and regulations" in the Kyocera Activity Policy (which is provided as a code for employees when carrying out their day-to-day work), we ensure that we exclude anti-social forces. In addition, when we deal with our partners and suppliers, contract clauses are added for the elimination of anti-social forces.

Compliance Education

As part of our efforts to enhance compliance, we provide compliance education by employee level and by specific law. Every year, we provide compliance education for new employees, and each department provides education on relevant laws and regulations (e.g., the Antimonopoly Act, laws relating to secure export control and laws relating to customs).

Internal Notification System

In the Kyocera Group, we have an internal notification system which can accept questions, consultations from employees and reports about acts that violate, or may violate, laws, regulations and internal rules relating to human rights, labor, occupational safety and health, environment and fair trading. In addition, to clarify efforts, such as protection of personal privacy, we accept consultations from employees, directly, by telephone, email and other means. Then, we investigate and confirm their content in cooperation with relevant departments and take corrective actions and preventative measures.

Top of page

About us > CSR Activities > About KYOCERA Document Solutions > Risk Management / Compliance

(C)2018 KYOCERA Document Solutions Inc.